Here are the resources we use in the course. Use the links below for more information on each section:


Creating Virtual Lab: 


1) Virtual Box - https://www.virtualbox.org/
2) Kali Linux - https://www.kali.org/
3) OWASPBWA - https://sourceforge.net/projects owaspbwa/
4) TryHackMe Platform - https://tryhackme.com/
5) HackTheBox Platform (Optional) - https://www.hackthebox.eu/


Website Enumeration & Information Gathering 


6) Google Dorking - https://www.exploit-db.com/google-hacking-database
7) WhatWeb - https://tools.kali.org/web-applications whatweb
8) Dirb - https://tools.kali.org/web-applications/dirb
9) Nmap - https://nmap.org/
10) Nikto - https://tools.kali.org/information-gatherin nikto


Introduction To Burpsuite 
11) Burpsuite - https://portswigger.net/bur
12) Burpsuite Usage - https://portswigger.net/bur documentation/desktop/penetration-testin


HTML Injection 
13) What is HTML Injection - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection


Command Injection 
14) What is Command Injection - https://owasp.org/www-community/attacks/Command_Injection


Broken Authentication 
15) Broken Authentication - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication


Bruteforce Attacks 
16) Hydra - https://tools.kali.org/password-attacks/hydra


Broken Access Control 
17) What is Broken Access Control - https://hdivsecurity.com/owasp-broken-access-control


Security Misconfiguration 
18) Problem With Default Credentials - https://www.techrepublic.com/article/how-to-find-and-fix-vulnerable-default-credentials-on-your-network/


Cross Site Scripting - XSS 
19) Useful XSS Cheatsheet - https://portswigger.net/web-security/cross-site-scripting/cheat-sheet


SQL Injection 
20) Useful SQL Injection Cheatsheet - https://portswigger.net/web-security/sql-injection/cheat-sheet


XXE 
21) What Is XXE? - https://portswigger.net/web-securit XXe


Components With Known Vulnerabilities 
22) What is the danger of CWKV? - https://hdivsecurity.com/owasp-using-components-with-known-vulnerabilities


Logging & Monitoring 
23) Why We Perform Logging & Monitoring - https://www.appdynamics.com/product/how-it-works application-analytics/log-analytics/monitoring-vs-logging-best-practices


Bug Bounty/Penetration Testing Platforms 
24) BugCrowd - https://www.bugcrowd.com/
25) HackerOne - https://www.hackerone.com/
26) SynAck - https://www.synack.com/
27) Intigriti - https://www.intigriti.com/


